GDPR Compliance and Protection with Teleran
Escalating Data Compliance Demands and Security Threats
Who is accessing your company’s sensitive data?
The answer to this critical question is not only a security concern; it is now also a legal concern, since the European Union (EU) has adopted the General Data Protection Regulation (GDPR). The GDPR is a set of strict rules designed to protect EU citizens’ personally identifiable information (PII) (see Key GDPR Provisions). Organizations anywhere in the world doing business with EU citizens must meet GDPR regulations by May of 2018. If this is the case for your company, you need to know where all PII resides in your environment, who is accessing this data, and how to prevent unauthorized access to it.
Closing Compliance and Security Gaps
As in most organizations, a large percentage of your company’s sensitive data resides in databases. You may have configured your production databases to encrypt your data at rest and to allow only authorized users to read or modify the data. However, this does not protect your sensitive data from insider threats (for example, from privileged users) or from external hackers. Teleran can help you address these and other threats and, at the same time, provide comprehensive compliance auditing and reporting on PII access to meet GDPR and other compliance regulations around the globe.
Automatically Auditing and Controlling Access to Sensitive Data
Teleran’s software provides continuous data monitoring, security analytics and expert system-based access control for your database environments. Teleran’s Data Protection and Compliance solution includes iSight, which continuously monitors all database access in real time. It detects unauthorized access and use of data, based on deep analytics that deliver the “who, what, where, when, and how” of each transaction. The solution also includes iGuard, a real-time policy access control product that automatically evaluates and prevents unauthorized or suspicious activities by authorized users and potential hackers. Teleran’s software addresses the data compliance audit and protection requirements of the EU GDPR and other data privacy and security regulations worldwide.
Comprehensive Visibility of Sensitive Data is Key
The first step in deploying Teleran’s solution for GDPR is to use iSight to discover and classify sensitive data. It includes a patented process that analyzes data objects so that you can quickly confirm where your sensitive data resides. The second step is to use iSight to monitor your database access and identify how your sensitive data is actually used, and whether that access and use is in compliance with GDPR mandates. iSight captures SQL queries going to your databases by monitoring all network traffic before it hits your databases. The captured SQL queries, along with information about each data request (such as time, database account, user identity, client IP address, client program, etc.), are logged in the secure Teleran repository. With a series of analytical dashboards and reports, you can see who is accessing your data, where they are coming from, what applications they are using, and when they accessed the data. You can also see which activity is not compliant and which activity is suspicious and requires further monitoring or analysis.
Automated Data Protection Reduces Effort and Reduces Risks
The next step is to implement Teleran’s iGuard policy action engine. It gives you the capability to prevent unauthorized access to sensitive data by blocking inappropriate queries before they hit the database. With iGuard you can prevent data leakage from your sensitive databases. iGuard delivers over 70 pre-defined and easily customizable policies that you can use to protect PII in your environment. For example, policies can be set up to prevent access to sensitive columns by whitelisting or blacklisting certain database users, IP addresses and/or applications. Additionally, you can apply policies that restrict access based on times of the day, or policies that force a join to a specific security authorization table. You can also set up policies that prevent a “Select *” query (an unconstrained query that allows access to all data in a table). These kinds of policies prevent unauthorized data marts (large data downloads) and other nefarious behaviors.
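The policy types described above, shown as an added illustrative sketch: this is not Teleran's code or iGuard's policy syntax. The column, table, account and record field names are assumptions, the sample records are constructed, and word matching stands in for real SQL parsing.

```python
import re
from datetime import time

# Hypothetical policy settings; none of these names come from iGuard.
SENSITIVE_COLUMNS = {"ssn", "date_of_birth", "email"}
ALLOWED_USERS = {"hr_app"}            # accounts allowed to read sensitive columns
ALLOWED_IPS = {"10.0.5.20"}           # client addresses allowed to read them
BUSINESS_HOURS = (time(8, 0), time(18, 0))
AUTH_TABLE = "user_authorization"     # join required on protected tables
PROTECTED_TABLES = {"customers"}


def evaluate(record):
    """Return the list of policy violations for one captured query record."""
    sql = record["sql"].lower()
    words = set(re.findall(r"[a-z_][a-z0-9_]*", sql))
    violations = []

    # An unconstrained SELECT * returns every column of the table.
    star = re.search(r"\bselect\s+(\w+\.)?\*", sql) is not None
    if star:
        violations.append("select_star")

    touches_protected = bool(words & PROTECTED_TABLES)
    touches_pii = bool(words & SENSITIVE_COLUMNS) or (star and touches_protected)

    # Sensitive columns: both the account and the client address must be listed.
    if touches_pii and (record["user"] not in ALLOWED_USERS
                        or record["client_ip"] not in ALLOWED_IPS):
        violations.append("sensitive_column_not_allowlisted")

    start, end = BUSINESS_HOURS
    if touches_pii and not (start <= record["when"] <= end):
        violations.append("outside_allowed_hours")

    # Protected tables must be joined to the authorization table.
    if touches_protected and AUTH_TABLE not in words:
        violations.append("missing_authorization_join")
    return violations


# Constructed sample records with the metadata fields the article lists.
SAMPLES = [
    {"user": "hr_app", "client_ip": "10.0.5.20", "when": time(10, 15),
     "sql": "SELECT c.email FROM customers c JOIN user_authorization a "
            "ON a.cust_id = c.id WHERE a.user_id = 7"},
    {"user": "analyst1", "client_ip": "10.0.9.44", "when": time(23, 40),
     "sql": "SELECT * FROM customers"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["user"], evaluate(rec) or "allowed")
```

Word matching also flags a sensitive column name that appears only in a string literal or comment, which errs on the side of blocking; a real enforcement point would parse the statement.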
Visibility on Business Use of Your Data Improves Business Outcomes Too
Finally, since Teleran provides 100% visibility on data access and user behavior, the Teleran solution is a fantastic source not only for demonstrating compliance with GDPR and other regulations, but also for intelligence that helps you improve database application performance, identify unused or rarely used data that can be archived to significantly reduce operating costs, and plan for efficient future growth of your database resources.
About Dave Newman
Dave is Director of Systems Engineering at Teleran. He has over 20 years’ experience in customer-facing roles including technical software sales support, account management, project management and training. He is a subject matter expert in security, database applications and strategic solution sales. Dave is respected by both customers and partners for establishing trusted advisor relationships.
Get in touch with Dave at: firstname.lastname@example.org or LinkedIn.